"Protecting information begins by understanding what information the company has, the extent to which it really needs it, where it comes from, where it is located and how it is used, processed, secured, transferred and shared."

Attorney Advisory, Edwards Wildman,

November 2013

"Businesses must develop, implement, maintain and monitor a "comprehensive written information security program" designed to ensure the security and confidentiality of any records containing personal information"

Attorney Advisory, Loeb and Loeb

"A well-trained workforce is the best defense against identity theft and data breaches."

Federal Trade Commission,

Protecting Personal Information: A Guide for Business

"Compliance programs should include an audit of a company’s current and planned data collection, processing, use, storage and transfer practices to ensure that its privacy and security policies are accurate and sufficient."

Attorney Advisory, Edwards Wildman November 2013

"Covered Entities must "implement a security awareness and training program for all members of its workforce (including management)"

HIPAA Security Rule

45 CFR Sec. 164.308(a)(5)(i)

"U.S. and international laws, and industry self-regulation ... have made it essential that companies understand what data they collect; how and where it is stored, processed and secured; who can access it, and under what circumstances; and how it is used, shared and transferred, and for what purposes."

Attorney Advisory, Edwards Wildman,November 2013

"Identify what information must be kept, how to secure it, how long to keep it, and how to dispose of it securely."